Subj : Google warns Salesloft attack may have compromised Workspace acco To : All From : TechnologyDaily Date : Fri Aug 29 2025 11:45:08 Google warns Salesloft attack may have compromised Workspace accounts and Salesforce instances Date: Fri, 29 Aug 2025 10:42:00 +0000 Description: The attack on Salesloft is bigger than initially thought as certain Google accounts were compromised, as well. FULL STORY ======================================================================Saleslof t suffered a third-party attack earlier this week New information suggests all authentication tokens were compromised Google disabled integrations and warned victims, in response The Salesloft cyberattack that happened earlier this week may have also compromised certain Google Workspace accounts, as well as Salesforce instances. This is according to Googles Threat Intelligence Group (GTIG), who published an updated report to warn about the worrying discovery. On Wednesday, news broke that revenue platform Salesloft fell victim to a third-party cyberattack in which sensitive information was stolen. The company is using Drift, a conversational marketing and sales platform that uses live chat, chatbots, and AI, to engage visitors in real time. Alongside it is SalesDrift, a third-party platform which links Drifts AI chat functionality to Salesforce, syncing conversations, leads, and cases, into the CRM via the Salesloft ecosystem. Salesloft under attack Starting around August 8, and lasting for about ten days, adversaries managed to steal OAuth and refresh tokens from SalesDrift, pivoting to customer environments, and successfully exfiltrating sensitive data. Now, Googles update says the scope of the compromise impacted more than the Salesforce integration: We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised, the update reads. TGIG said that the attackers compromised OAuth tokens for the Drift Email integration, and used them to access a very small number of Google Workspace accounts. Apparently, only the accounts that were configured to integrate with Salesloft were compromised. In response, Google revoked the tokens, disabled the integration functionality, and notified potentially impacted users. We are notifying all impacted Google Workspace administrators. To be clear, there has been no compromise of Google Workspace or Alphabet itself. Google also recommended organizations immediately review all third-party integrations connected to their Drift instance, revoke and rotate all credentials, and monitor all connected systems for signs of unauthorized access. The researchers believe the attack was done by a group tracked as UNC6395, although ShinyHunters claimed it was their doing. Via BleepingComputer You might also like Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/google-warns-salesloft-attack-may-have- compromised-workspace-accounts-and-salesforce-instances --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .